These are not just example of possible data breaches; they are incidents that have taken place within the healthcare industry, in the last few years. The healthcare industry, which includes hospitals, clinics, diagnostics centres, health insurance companies, medical transcription companies, etc., handles enormous amounts of sensitive and personally identifiable information. Stringent processes must be put into place to secure this data, especially when it is being transferred between departments or outside the organization’s network.

Several healthcare organizations store confidential and highly sensitive data in unprotected and easily portable formats such as Microsoft Excel spreadsheets, Word documents, or PDFs. Data leaks at the hands of employees is a huge risk to the company. Additionally, partners doing services for a hospital often have access to the virtual private network (VPN). While most organizations believe they can secure their own environment, securing those outside of the corporate environment is difficult. Also, most people do not understanding the severity of risk that data outside the corporate perimeter poses.

In order to counter data theft and ensure compliance of organizations within the industry, regulations such as HIPAA and the NHS Directive have been put into place, along with frequent audits. Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of personal health information of covered individuals, and was made mandatory for all healthcare providers and organizations within the industry. The recent enactment of The American Recovery and Reinvestment Act of 2009 (ARRA) and the Health Information Technology for Economic and Clinical Health Act (HITECH Act 2009) contained within it, has reinforced the necessity of strong data security measures within healthcare processes.

The Health Insurance Portability & Accountability Act (HIPAA) focuses on the protection of electronic patient healthcare data and information. The goal of HIPAA is to protect patients' privacy and simplify the administrative processes. Its guidelines include information security recommendations that play a significant role in complying with the Privacy Rule. The intention of this rule is to secure personally identifiable information (PII) as it travels through the healthcare system.

The Health Information Technology for Economic and Clinical Health (HITECH) Act is part of the American Recovery and Reinvestment Act (ARRA). The main goal of the HITECH Act is to encourage the adoption of electronic health records (EHRs).

The HITECH Act focuses on establishing a national health infrastructure and providing incentives for the adoption of electronic health records (EHRs). It also provides for "enhanced" privacy protections. This Act now places both the Privacy Rule and the Security Rule as central issues for health care providers. Now, not only is one still subject to civil penalties (and potentially criminal penalties also) for non-compliance, such non-compliance may prevent you from receiving financial incentives for EHR adoption (as provided for in the HITECH Act).

Pawaa Software has addressed the above issues faced by the healthcare industry, with the introduction of its patented innovations – pawaaWEBB and pawaaFILE.

PawaaWEBB is a powerful data protection software that helps the healthcare industry to successfully secure their online data. The software goes beyond traditional authentication and access controls, and provides complete visibility into users’ behavior regarding how confidential and sensitive information is handled.

By using pawaaWEBB, companies can enforce the same IT and security policies on both managed and unmanaged computers, whether they are within or outside the network, thus ensuring uniform security. The user can only visit the URLs that are permitted by the policy. Also hardware such as USB, Bluetooth, CD/DVD are safe guarded so that data leaks cannot be created while in the session.

Detailed logs follow the user’s activities such as applications launched during the pawaaWEBB session, clipboard activities, screenshots, bandwidth usage, print, URL clicks, etc. These are sent back to the server for audit trails, forensic analysis and report generation. Apart from monitoring and controlling user activities and the computer hardware, pawaaWEBB can also mask certain parts of the web pages for certain user groups without having to modify the back end applications and database.

PawaaFILE is a patented Intelligent File Format which is completely secure and addresses some of the basic security issues that exists with the normal file format. It fills several security gaps including the safety and control of the files downloaded from the web and the reports generated from web applications. Any file downloaded or reports generated from pawaaWEBB are automatically converted to the pawaaFILE format.

PawaaFILE provides the healthcare industry complete control over files through its Information Rights Management policies. The policy maker of the company decides who can create the pawaaFILE, from which application, where it can be circulated, what type of authentication mechanism is required to consume the file, when it expires, Information Rights Management policies such as print, save as, edit, screenshot, time bound policies, and much more. So when a pawaaFILE leaves the organization accidentally or maliciously, it is of no use to unintended users outside the organization, or outside the organization's network, based on the policy. Only intended users can use the file, for the time allowed as defined in the policy.

The format of the pawaaFILE requires up to three keys to open the file, making it literally impossible for the hackers to break into it.

The combination of pawaaWEBB and pawaaFILE makes a powerful data leak prevention solution. Together they offer healthcare companies an extremely high level of web and file security, while ensuring that the solution is practically usable. They also help organizations in being compliant with industry regulations including HIPAA and HITECH.

Healthcare organizations store a lot of information, both electronically and on paper. The value of this data can differ. A Social Security number or credit card number by itself has little value, but when combined with the full name, or even the partial name, of the owner, the number becomes valuable. Other types of data alone, or in combination, have varying degrees of value to a perpetrator of fraud. This data is being accessed by many people from different departments and may even be sent outside the company network. A complete audit trail is required, in addition to visibility on who is accessing the information and how the information is being handled. The files downloaded and reports generated from these applications should only be used by intended users, hence preventing any types of data leaks and compliance violations. Through this powerful combination, healthcare companies can now,

PawaaWEBB and pawaaFILE help healthcare companies secure their data without having to make major changes to their IT infrastructure or applications. Together they offer complete control, protection and freedom. Control over user behavior, Protection from data leaks and Freedom to enforce policies without privacy violations.